diff --git a/cmd/nginx/flags.go b/cmd/nginx/flags.go index ea4d8f207..c1bddcbb8 100644 --- a/cmd/nginx/flags.go +++ b/cmd/nginx/flags.go @@ -126,7 +126,7 @@ Requires the update-status parameter.`) enableSSLPassthrough = flags.Bool("enable-ssl-passthrough", false, `Enable SSL Passthrough.`) - annotationsPrefix = flags.String("annotations-prefix", "nginx.ingress.kubernetes.io", + annotationsPrefix = flags.String("annotations-prefix", parser.DefaultAnnotationsPrefix, `Prefix of the Ingress annotations specific to the NGINX controller.`) enableSSLChainCompletion = flags.Bool("enable-ssl-chain-completion", false, diff --git a/internal/ingress/annotations/parser/main.go b/internal/ingress/annotations/parser/main.go index 6fd98dcf5..3fae804da 100644 --- a/internal/ingress/annotations/parser/main.go +++ b/internal/ingress/annotations/parser/main.go @@ -28,9 +28,12 @@ import ( "k8s.io/ingress-nginx/internal/ingress/errors" ) +// DefaultAnnotationsPrefix defines the common prefix used in the nginx ingress controller +const DefaultAnnotationsPrefix = "nginx.ingress.kubernetes.io" + var ( - // AnnotationsPrefix defines the common prefix used in the nginx ingress controller - AnnotationsPrefix = "nginx.ingress.kubernetes.io" + // AnnotationsPrefix is the mutable attribute that the controller explicitly refers to + AnnotationsPrefix = DefaultAnnotationsPrefix ) // IngressAnnotation has a method to parse annotations located in Ingress diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go index 44a1bca83..0ef2de542 100644 --- a/internal/ingress/controller/controller.go +++ b/internal/ingress/controller/controller.go @@ -35,6 +35,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress/annotations" "k8s.io/ingress-nginx/internal/ingress/annotations/class" "k8s.io/ingress-nginx/internal/ingress/annotations/log" + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/ingress/annotations/proxy" ngx_config "k8s.io/ingress-nginx/internal/ingress/controller/config" "k8s.io/ingress-nginx/internal/k8s" @@ -216,6 +217,14 @@ func (n *NGINXController) CheckIngress(ing *networking.Ingress) error { return nil } + if parser.AnnotationsPrefix != parser.DefaultAnnotationsPrefix { + for key := range ing.ObjectMeta.GetAnnotations() { + if strings.HasPrefix(key, fmt.Sprintf("%s/", parser.DefaultAnnotationsPrefix)) { + return fmt.Errorf("This deployment has a custom annotation prefix defined. Use '%s' instead of '%s'", parser.AnnotationsPrefix, parser.DefaultAnnotationsPrefix) + } + } + } + filter := func(toCheck *ingress.Ingress) bool { return toCheck.ObjectMeta.Namespace == ing.ObjectMeta.Namespace && toCheck.ObjectMeta.Name == ing.ObjectMeta.Name diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go index 0dfc1533a..9d4eae08c 100644 --- a/internal/ingress/controller/controller_test.go +++ b/internal/ingress/controller/controller_test.go @@ -42,6 +42,7 @@ import ( "k8s.io/ingress-nginx/internal/ingress" "k8s.io/ingress-nginx/internal/ingress/annotations" "k8s.io/ingress-nginx/internal/ingress/annotations/canary" + "k8s.io/ingress-nginx/internal/ingress/annotations/parser" "k8s.io/ingress-nginx/internal/ingress/annotations/proxyssl" "k8s.io/ingress-nginx/internal/ingress/controller/config" ngx_config "k8s.io/ingress-nginx/internal/ingress/controller/config" @@ -243,6 +244,18 @@ func TestCheckIngress(t *testing.T) { } }) + t.Run("When the default annotation prefix is used despite an override", func(t *testing.T) { + parser.AnnotationsPrefix = "ingress.kubernetes.io" + ing.ObjectMeta.Annotations["nginx.ingress.kubernetes.io/backend-protocol"] = "GRPC" + nginx.command = testNginxTestCommand{ + t: t, + err: nil, + } + if nginx.CheckIngress(ing) == nil { + t.Errorf("with a custom annotation prefix, ingresses using the default should be rejected") + } + }) + t.Run("When the ingress is in a different namespace than the watched one", func(t *testing.T) { nginx.command = testNginxTestCommand{ t: t,